Vigil@nce: Linux kernel, denial of service of RDS
June 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use RDS and IPoIB, in order to stop the
system.
– Severity: 1/4
– Creation date: 19/06/2012
IMPACTED PRODUCTS
– Linux kernel
– Red Hat Enterprise Linux
DESCRIPTION OF THE VULNERABILITY
The RDS (Reliable Datagram Sockets) protocol is used to transmit
data in a non connected mode. It is supported by kernels since
version 2.6.30.
The InfiniBand technology is used to transmit data efficiently. An
IP address can be configured over InfiniBand (IPoIB).
However, when a RDS socket uses IPoIB (same IP source and
destination addresses), the kernel calls the BUG_ON() macro, which
generates an assertion error.
A local attacker can therefore use RDS and IPoIB, in order to stop
the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-of-RDS-11723